How to renew a server certificate for VPN server

  • 10100262
  • NOVL104943
  • 24-Jan-2006
  • 24-Jan-2006

Archived Content: This information is no longer maintained and is provided 'as is' for your convenience.

Goal

How to renew a server certificate for VPN server

Fact

Novell BorderManager 3.8

Change

VPN s2s stops working

Server certificate has expired

Fix

To renew the server certificate without trashing the VPN settings, follow these steps:

1. Create a new Server Certificate, either in ConsoleOne (C1) or iManager, as follows:

Choose the VPN Server as host, give it whatever name you want, and choose
"custom" as creation method.

2. At the "type" of the cert, select "custom" again, and check all three
Key Usage options. This is absolutely important, otherwise the cert
won't work. Leave the rest at default.

3. Make sure you specify the *same* subject name for the new certificate
as the previous public key certificate.

4. If you don't want to go through this again, make sure you specify
maximum validity.

5. Create the cert.

6. Rename the expired cert to some other name, e.g. old-VpnCervCert -
Servername.

7. Rename the new Cert to get the original name of the expired cert.

8. In C1, open the properties of the VPN Server, and go to the "other"
Tab.

9. Find the vpnServerCert attribute. You'll notice it contains the
renamed *old* cert. Change that to the new, unexpired cert you just
renamed to the original name.

The moment you apply that change, the VPN starts working again,
with no further action necessary.
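
Before changing vpnServerCert in step 9, the requirements from steps 2 to 4 (key usage, identical subject name, long validity) can be checked on exported copies of both certificates. The script below is an added example, not Novell code: it assumes both certificates were exported to PEM (Base64) files and that OpenSSL is available on the admin workstation. The function names and the REQUIRED_KU list, which is an assumption about what the three Key Usage checkboxes produce in the certificate, are hypothetical and adjustable.

```shell
#!/bin/sh
# Added example (not Novell code): pre-swap check for steps 2-4.
# Assumes both certificates were exported to PEM (Base64) files.
# REQUIRED_KU is an assumption about what the three Key Usage boxes produce.
REQUIRED_KU=${REQUIRED_KU:-"Digital Signature,Key Encipherment,Data Encipherment"}

# Subject DN in RFC 2253 form, so two certificates compare as plain strings.
cert_subject() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//'
}

# The value line of the X509v3 Key Usage extension (empty if absent).
cert_key_usage() {
    openssl x509 -in "$1" -noout -text |
        grep -A1 'X509v3 Key Usage' | tail -n 1 | sed 's/^ *//'
}

# Print each required key usage that certificate $1 does not carry.
missing_usages() {
    have=$(cert_key_usage "$1")
    echo "$REQUIRED_KU" | tr ',' '\n' | while read -r u; do
        case "$have" in *"$u"*) ;; *) echo "$u" ;; esac
    done
}

# check_renewal OLD NEW [MIN_DAYS]: return 0 only if NEW can replace OLD.
check_renewal() {
    old=$1; new=$2; min_days=${3:-30}; rc=0
    if [ "$(cert_subject "$old")" != "$(cert_subject "$new")" ]; then
        echo "FAIL: subject differs from the old certificate" >&2; rc=1
    fi
    missing=$(missing_usages "$new")
    if [ -n "$missing" ]; then
        echo "FAIL: key usage missing:" $missing >&2; rc=1
    fi
    if ! openssl x509 -in "$new" -noout -checkend $((min_days * 86400)) >/dev/null; then
        echo "FAIL: new certificate expires within $min_days days" >&2; rc=1
    fi
    return $rc
}

# Run as: sh check_renewal.sh old.pem new.pem [min_days]
if [ "$#" -ge 2 ]; then check_renewal "$@"; fi
```

A non-zero exit status means the new certificate should be recreated before the rename in steps 6 and 7.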
